Recipe 16.14. Troubleshooting a Corrupt Event Log

Previous page
Table of content
Next page

Problem

You have a corrupt event log that prevents you from viewing events. You may be seeing Dr. Watson errors after starting Event Viewer.

Solution

The following steps describe how to remove a corrupted event log:

  1. Open the Services snap-in (services.msc).

  2. In the right pane, double-click the Event Log service.

  3. Beside Startup type, select Disabled, and click OK.

  4. Reboot the computer. After the system restarts, you may see various error messages about some services failing to start.

  5. Log in and delete the event log file (located under %SystemRoot%\System32\Config) that corresponds to the event log that is corrupted.

  6. Open the Services snap-in (services.msc).

  7. In the right pane, double-click the Event Log service.

  8. Beside Startup type, select Automatic, and click OK.

  9. Reboot the computer.

Discussion

The only way to get a corrupted event log working again is to delete it. Because the Event Log service always has the event log files (%SystemRoot%\System32\Config\*.evt) open, you can't simply just delete them and be done. You need to first stop the Event Log service, but you can't even do that initially. Other services, such as Windows Management Instrumentation, depend on the Event Log service, so it cannot be stopped or paused. The only workaround is to set the Event Log service startup type to Disabled and reboot the computer. When the computer boots up, it will not start the service or any services that depend on it. This gives you an opportunity to log in and delete the corrupted files. After you are done with that, be sure to set the Event Log service back to Automatic and restart the computer. When the system restarts, the Event Log service will automatically create new files for any event logs that don't have one.

If your event log had important information that you don't want to lose, another option would be to restore the event log files from backup. You would follow the same procedure as the one just outlined, but instead of deleting the files, you would restore them from a good backup. Obviously, you will lose any events that were generated after the backup was taken, but at least you won't lose them all.

See Also

MS KB 172156, "How to Delete Corrupt Event Viewer Log Files"


Previous page
Table of content
Next page
Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408
Authors: Robbie Allen, Preston Gralla
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
Java How to Program (6th Edition) (How to Program (Deitel))
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
PMP Practice Questions Exam Cram 2
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy